Andrey V. Elsukov wrote:
Hi, All!

I've made a small patch that adds a rule action
tracing feature to ipfw2.

http://butcher.heavennet.ru/patches/kernel/ipfw_trace/

This patch can be useful when you have too many
ipfw-rules. When some packets do not pass ipfw, it is not
easy to determine the rule which blocks these packets.

How to use:

# ipfw add 1 count tag <SOME_TAG> <RULE_BODY>
# sysctl net.inet.ip.fw.trace_tag=<SOME_TAG>
# tail -f /var/log/security

<SOME_TAG> - some tag number
<RULE_BODY> - rule for matching needed packets

What do you think about that?


Can you show some sample usage and output?
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
